BugTraq
CollabNet Subversion Edge missing single login restriction 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management missing single login
# restriction
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: No single login restriction
#
# Risk: Lo

CollabNet Subversion Edge weak password storage mechanism 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure password storage

# Risk: Medium
# Stat

CollabNet Subversion Edge missing XSRF protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: XSRF
#
# Risk: Low
# Sta

CollabNet Subversion Edge weak password policy 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement a strong password policy
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive me

CollabNet Subversion Edge autocomplete on 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management frontend login page
# password field has autocomplete enabled
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defen

CollabNet Subversion Edge missing clickjacking protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement clickjacking protection
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Clickjacking
#
# Risk

CollabNet Subversion Edge missing brute force protection 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge does not protect against brute
# forcing accounts
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk:

CollabNet Subversion Edge show local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via "fileName" parameter of the show action
#
# Date: 10.10.2014
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type:

CollabNet Subversion Edge insecure password change 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge management frontend does not require
# current password upon password change
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure

CollabNet Subversion Edge tail local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "fileName" parameter of the "tail" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linu

CollabNet Subversion Edge downloadHook local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "filename" parameter of the "downloadHook" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fed

CollabNet Subversion Edge Password Hash Leak 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management frontend user credential
# (hash) leak
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Credential leak
#
# Risk: Medium
# S

CollabNet Subversion Edge Hook Script Privilege Escalation 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts
# privilege escalation
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Privilege escalation desig

CSRF Vulnerability in C2Box application CVE-2015-4460 2015-06-27
wissam bashour helpag com
Please add this advisory to your archive.
Thanks.
#####################################
Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application Allows adding an Admin User or reset any user's password.
Author: Wissam Bashour - Help AG Middle East
Vendor: boxautomation(B.A.S)
Pro

Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 2015-06-27
Tim (tc coen gmail com)
Vulnerability: Session Fixation, Reflected XSS, Code Execution
Affected Software: PivotX (http://pivotx.net/)
Affected Version: 2.3.10 (probably also prior versions)
Patched Version: 2.3.11
Risk: Medium-High

Session Fixation
================

Risk
----

Medium; If victim clicks link and logs in

[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 2

HPSBPI03360 re

[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 1

HPSBPI03107 re

[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04724996

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04724996
Version: 1

HPSBGN03362 r

[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 3

HPSBMU03267 r

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 1

HPSBUX03359 re

[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 1

HPSBGN03351 re

[SECURITY] [DSA 3296-1] libcrypto++ security update 2015-06-29
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3296-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
June 29, 2015

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences 2015-06-26
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20150626-0 >
=======================================================================
title: Critical vulnerabilities allow surveillance on conferences
product: Polycom RealPrese

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities 2015-06-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

CVE Identifier: CVE-2015-0543, CVE-2015-0544

Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE

Affected prod

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability 2015-06-26
Imre RAD (imre rad search-lab hu)
In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer applications that are used to generate and validate digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected the "e-akt

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA 2015-06-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Advisory ID: cisco-sa-20150625-ironport

Revision 1.0

For Public Release 2015 June 25 16:00 UTC (GMT)

+--------------------------------------------

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability 2015-06-25
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

EMC Identifier: ESA-2015-102

CVE Identifier: CVE-2015-0545

Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected products:

* EMC Unisphere

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities 2015-06-25
post encripto no
About Encripto AS
=================

Encripto is a Norwegian company which provides specialized services within IT-security.
Our core expertise is security testing, network security monitoring and training.
Encripto is committed to information security. We do research to discover trends, new vulner

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

Application: SAP Mobile Platform 3.0
Versions Affected: SAP Mobile Platform 3.0, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 29.12.2014

[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS
in the module XeClient.Dll

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported:

Copyright 2010, SecurityFocus